O'Reilly Security Speakers

Dan Amiga is the cofounder and CTO of FireGlass, a cybersecurity startup that commercializes military-grade network security concepts into paradigm-shifting enterprise security products. Dan has spent years doing IT security in the IDF Intelligence, where he was focused on inventing and developing new security solutions that go far beyond firewalls, proxies, or heuristic-based antimalware solutions. After moving to the private sector, Amiga worked for the Microsoft Technology Center as a senior consultant for highly secure organizations, governments, and critical infrastructure companies. He then moved to the energy giant Schneider Electric, where he held the position of chief software architect. Dan has given talks at major international security and software conferences and is an adjunct professor at the Interdisciplinary Center, Israel, where he teaches advanced cloud computing topics.

Presentations

Your engineering team is using AWS for deploying applications, storing data, hybrid networking, and many other services, but what does it mean for IT security? Dan Amiga and Dor Knafo offer a technical, hands-on overview of how engineering is using AWS and outline the missing security pieces that should be put in place.

Isolation is a new approach to security that is gaining momentum across many industries. Dan Amiga and Dor Knafo cover the important things you need to know about isolation: why now, how isolation can improve productivity, detection versus isolation, technologies, different approaches, caveats, evaluation criteria, live demos, and deployment strategies into the existing IT security environment.

Wayne Anderson is a director and global client information security lead at Avanade, where he leads security programs focused on supporting clients the world over. Wayne has more than a decade of experience in infrastructure and security and holds certifications from ISACA, GIAC, and the International Association of Software Architects.

Presentations

Global business offerings face a more complex regulatory environment than ever before. Wayne Anderson shares lessons learned from a multiyear program build to translate regulations and compliance obligations into practical security controls.

Don A. Bailey is a world-renowned security researcher and an expert in Internet of Things technology and embedded systems. The first security researcher in the IoT field, Don broke ground in 2011 by remotely hacking into a telematics system, turning on a vehicle’s engine, and unlocking its doors. With this demonstration (the first of its kind), Don inspired a new area of interest in telematics, automotive systems, and embedded security. After several more public, groundbreaking projects, he won a DARPA grant to evaluate the full scope of risk in the IoT space. His research was used as the foundation of the GSMA IoT Security Guidelines, which were released at Mobile World Congress in February of 2016. Don is currently developing secure IoT platforms at Lab Mouse, where he resides as the founder and CEO. He has given over 40 unique talks on security over the past decade and has given 8 Black Hat Briefings talks.

Presentations

We're all sick of hearing it. Day after day, another "junk hack" pops up in the news. The stories are tiring and repetitive, but what is a blue team to do? Don Bailey explains that defense in the IoT is less about the technology and more about the process of deploying, monitoring, and maintaining technology. With a well-defined set of processes, we can antiquate the concept of junk hacking.

James Baker is a senior software engineer on LinkedIn’s Feed (homepage) team, where he strives to provide an excellent experience for millions of LinkedIn members across the world. James has been active in web engineering roles since 2009 and has been in some type of IT role since 2004. He is based out of Silicon Valley and is passionate about writing enterprise-level, highly performant, secure, and accessible web applications.

Presentations

As traffic to websites and web applications increases, infrastructure must be put in place to handle scaling—but with that comes an increased risk for security breaches. James Baker and Mira Thambireddy dive into specific client-side vulnerabilities, discussing design patterns that scale an application securely and which frameworks currently in the market already employ these practices.

Frederic Branczyk is an engineer at CoreOS, where he contributes to Prometheus and Kubernetes to build state-of-the-art modern infrastructure and monitoring tools. Frederic discovered his interest in monitoring tools and distributed systems in his previous jobs, where he used machine learning to detect anomalies indicating intrusion attempts. He also worked on projects involving secrets management for distributed applications to build sane and stable infrastructure.

Presentations

Frederic Branczyk offers an overview of rkt, a container runtime engine developed by CoreOS that was designed for security. rkt can run the same container with varying degrees of protection, from lightweight, OS-level namespace and capabilities isolation to heavier, VM-level hardware virtualization.

Nate Brown is a developer at Slack, where he has helped to lead its security operations efforts. Nate has strong operational experience and a keen eye for security. He has contributed to numerous open source tools, including Vault, rsyslog, go-audit, and StreamStash.

Presentations

How should an organization approach monitoring networks and hosts to make informed security decisions? Ryan Huber and Nate Brown discuss useful examples of how security and operations teams can become more effective by scaling their visibility into large distributed networks using tools like kernel auditing and large-scale log processing with Elasticsearch and ElastAlert.

Ben Buchanan is a fellow at the Belfer Center Cybersecurity Project, where he conducts research on the intersection of cybersecurity and statecraft. Ben has written on attributing cyberattacks, deterrence in cyber operations, cryptography, and the spread of malicious code between nations and nonstate actors. His first book, The Cybersecurity Dilemma, will be published by Oxford University Press and Hurst this year. Ben holds a PhD in war studies from King’s College London, where he was a Marshall Scholar, as well as master’s and undergraduate degrees from Georgetown University.

Presentations

Who did it? Attributing computer network intrusions is commonly seen as one of the most intractable technical problems, solvable (or not) depending mainly on the available forensic evidence. But is it? Is this a productive understanding of attribution? Ben Buchanan shows that attribution is what companies—and governments—make of it.

Matthew Carroll is president and CEO of Immuta, a data privacy company focused on enabling the creation of regulated analytics. Matt has spent the past decade analyzing some of the world’s most complex datasets while supporting multiple US intelligence community customers. Previously, Matt served as CTO of CSC’s Defense & Intelligence group, where he led several key data fusion and analytics programs totaling over $150M in revenue and advised US government leadership on data management and analytics issues; he also oversaw product management at 42six, a DC-based professional services company, and led the organization post-acquisition by CSC. Matt served as an officer in the US Army and spent time overseas in Iraq and Afghanistan. He holds a bachelor of science in chemistry, biochemistry, and biology from Brandeis University.

Presentations

Algorithms influence our everyday decision making, but at what point does innovation turn into invasion? Matthew Carroll discusses how regulators and consumers can take back control by inserting legal checks and balances into the data science process.

Jonathan Clarke is the cofounder and chief product officer at Normation, an open source software company based in Paris. Jonathan mainly works on Rudder, a truly open source IT automation and compliance tool with professional enterprise requirements, automatic reporting, and lightweight agents at its heart. Jonathan is a system engineer by trade. In his professional life, he has worked almost exclusively with open source tools and dabbled with them well before that. He is also a contributor to several open source projects, including OpenLDAP, LSC, and CFEngine. In his spare time, Jonathan enjoys good food, real ale, cinema, and cycling around Paris.

Presentations

Rudder is an open source IT compliance automation tool that focuses on continuously checking configurations to provide a real-time high-level compliance status or break down noncompliance issues to a deep technical level. Jonathan Clarke offers an overview of Rudder and demonstrates how to use it to drill down to any issues that need remediating.

Tomer Cohen leads the team at Wix.com responsible for all R&D and production systems security. Previously, Tomer worked as an application security expert at Comsec Consulting, a cyber security consulting agency. Tomer was also one of the founders of the Magshimim cyber training program, which trains high-school students in Israel in cyber security.

Presentations

Using social logins is a good way to boost security. However, this often makes site owners complacent, skipping security measures they still need to maintain. Ido Safruti and Tomer Cohen explain how attackers have found ways to exploit this and bypass the auth providers’ defenses, attacking some of the world’s largest services, and demonstrate how to protect yourself from such attacks.

Trey Darley is currently serving as one of the cochairs of the OASIS CTI TC. As director of Kingfisher Operations, Trey provides consulting services to organizations seeking to operationalize cyberthreat intelligence or needing assistance in navigating the STIX/TAXII standards process. Based in Brussels, Trey has been heavily involved in the CTI space since 2013. His career has taken him down many strange paths, from embedded hardware development to running IT on a major Hollywood production and from print advertising to infosec work at NATO HQ. More recently, he ventured into the dark world of software vendors, doing stints at Splunk and Soltra. Trey is a jack of all trades: part sysadmin, part software developer, part infosec guy, part network architect. In his copious spare time, he enjoys long walks, playing chess with his daughter, and tweaking his emacs config.

Presentations

Trey Darley cuts through the hype surrounding threat intelligence and reframes the concept within a broader historical context, showing how information sharing can be an effective tool both for organizations with sophisticated security programs and for organizations falling below the security poverty line.

Stephen de Vries is founder of Continuum Security, where he leads product development of the IriusRisk threat modeling tool as well as the BDD-Security open source testing framework, which is used extensively in SecDevOps workflows. Stephen specializes in building software and providing services to secure the SDLC. He has a strong background in web application security, with an emphasis on automated security testing and risk assessment. Stephen has published numerous original research papers and presented at conferences including Blackhat USA/Europe, DevOps Connect, Devoxx, and OWASP, among others. Stephen’s 17 years’ experience in information security has included a broad range of disciplines from software development, security code reviews, and security assessment to risk management and architecture security reviews.

Presentations

Current approaches to threat modeling emphasize manual analysis by trained teams, which can result in a bottleneck in the development process, reducing the appeal of performing this activity. Stephen de Vries presents a technique that uses reusable risk patterns to open the door to automated and scalable threat modeling.

Mark Donsky leads data management and governance solutions at Cloudera. Previously, Mark held product management roles at companies such as Wily Technology, where he managed the flagship application performance management solution, and Silver Spring Networks, where he managed big data analytics solutions that reduced greenhouse gas emissions. He holds a BS with honors in computer science from the University of Western Ontario.

Presentations

Alexandre Dulaunoy works at the Luxembourgian Computer Security Incident Response Team (CSIRT) CIRCL in the research and operational fields. He is also a lecturer in information security at Paul-Verlaine University in Metz and the University of Luxembourg. Alexandre encountered his first computer in the ’80s—and promptly disassembled it to learn how the thing worked. Previously, Alexandre was manager of global information security at SES, a leading international satellite operator, and worked as a senior security network consultant at Ubizen (now Cybertrust) and other companies. He also cofounded Conostix, a startup that specialized in information security management. Alexandre enjoys working on projects that blend “free information,” innovation, and direct social improvement. When not gardening binary streams, he likes facing the reality of ecosystems while gardening plants or doing photography. He enjoys it when humans use machines in unexpected ways.

Presentations

Information sharing is a key element in detecting security breaches and proactively protecting information systems and infrastructures, but the practical aspect is often forgotten. Alexandre Dulaunoy offers an overview of MISP, a free software tool that supports information-sharing practices among communities, and shares some lessons learned while building it.

Thomas Dullien (aka Halvar Flake) started work in reverse engineering and digital rights management in the mid-’90s and began to apply reverse engineering to vulnerability research shortly thereafter. He pioneered early Windows heap exploitation, patch diffing/bindiffing, and various other reverse engineering techniques. In 2004, Halvar started zynamics, a company focused on reverse engineering technologies. He continued to publish about reverse engineering, ROP gadget search, and knowledge management technologies in relation to reverse engineering. In 2011, zynamics was acquired by Google, and Halvar spent the next few years working on defensive technologies that leveraged the then-hot buzzwords big data and machine learning. In summer 2015, Halvar received the lifetime achievement Pwnie and decided to take a year off to travel, read, and surf.

Presentations

Thomas Dullien explores how our software and hardware stacks could be rearchitected to allow reliable detection of compromise and outlines a number of different technologies that are needed for this, including reproducible builds, public ledgers like certificate transparency, and hardware with nonupdateable checksumming that is user inspectable.

Lisa Jiggetts is the founder and CEO of the Women’s Society of Cyberjutsu (WSC), which provides women with the resources and support required to enter and advance as cybersecurity professionals. Lisa and her organization have been profiled in Fortune, SC magazine, and PenTest Magazine, among others, and she is proud to be known as a straight-up but down-to-earth motivator to the women she mentors. She is a sought-after presenter and has been a guest speaker for numerous conferences and podcasts. Lisa, a service-disabled veteran, began her cyber career in the military, where she excelled as an IT security specialist. With over 20 years of information technology experience, 17 of them in cybersecurity, her experience spans risk assessments, penetration testing, vulnerability assessments, and policy development across military, government, and commercial industries. She holds a variety of technical and management certifications as well as a bachelor’s degree in information technology from the University of Maryland University College and an MBA. Not just a full time geek with a passion for making a difference, Lisa is also an accomplished artist.

Presentations

You don’t have to be a SOC analyst or an incident response guru to leverage network forensics. Marcelle Lee and Lisa Foreman-Jiggetts explore the wealth of information that can be learned through network traffic analysis.

Richard Freytag is the owner of a small development and contracting company, Freytag & Company, whose clients have included the Department of Defense. Most of Freytag & Company’s products target the .NET platform and range from email add-ins, phone apps, and desktop applications to SaaS offerings in the cloud, and its most important products combine machine learning and computer security as core features.

Presentations

Tests of pseudo-random number generator (PRNG) performance use deterministic analysis to expose weaknesses, which new PRNGs are designed to satisfy. Modern supervised learning algorithms offer an improved method to test PRNG performance. Richard Freytag offers a short, concrete, and intuitive exploration of how to apply machine learning to black-box testing of pseudo-random number generators.

Eddie Garcia is chief information security officer at Cloudera, a leader in enterprise analytic data management, where he draws on his more than 20 years of information and data security experience to help Cloudera Enterprise customers reduce security and compliance risks associated with sensitive datasets stored and accessed in Apache Hadoop environments. Previously, Eddie was the vice president of infosec and engineering for Gazzang prior to its acquisition by Cloudera, where he architected and implemented secure and compliant big data infrastructures for customers in the financial services, healthcare, and public sector industries to meet PCI, HIPAA, FERPA, FISMA, and EU data security requirements. He was also the chief architect of the Gazzang zNcrypt product and is author of three patents for data security.

Presentations

The use of big data and machine learning to detect and predict security threats is a growing trend, with interest from financial institutions, telecommunications providers, healthcare companies, and governments alike. But is this technology all hype or real? Eddie Garcia explores how companies use Hadoop-based solutions to protect their organizations.

Charles Givre is an unapologetic data geek who is passionate about helping others learn about data science and become passionate about it themselves. For the last five years, Charles has worked as a data scientist at Booz Allen Hamilton for various government clients and has done some really neat data science work along the way, hopefully saving US taxpayers some money. Most of his work has been in developing meaningful metrics to assess how well the workforce is performing. For the last two years, Charles has been part of the management team for one of Booz Allen Hamilton’s largest analytic contracts, where he was tasked with increasing the amount of data science on the contract—both in terms of tasks and people.

Even more than the data science work, Charles loves learning about and teaching new technologies and techniques. He has been instrumental in bringing Python scripting to both his government clients and the analytic workforce and has developed a 40-hour Introduction to Analytic Scripting class for that purpose. Additionally, Charles has developed a 60-hour Fundamentals of Data Science class, which he has taught to Booz Allen staff, government civilians, and US military personnel around the world. Charles has a master’s degree from Brandeis University, two bachelor’s degrees from the University of Arizona, and various IT security certifications. In his nonexistent spare time, he plays trombone, spends time with his family, and works on restoring British sports cars.

Presentations

Drill is an open source, schema-free SQL engine that can query all kinds of data. Applying Drill to network security problems potentially offers a leap forward in network analysis. Charles Givre demonstrates how to use Drill to query simple data, complex data, and data from databases and big data sources and walks you through writing your own functions to extend Drill's functionality.

Join Jay Jacobs, Charles Givre, and Bob Rudis, the authors of Data-Driven Security, for a hands-on, in-depth exploration into the foundations of security data science. You’ll learn how to explore and analyze data you probably already have and gain valuable exposure to and experience with tools and techniques to prepare, analyze, and visualize the knowledge hiding in your data.

Ben Hall is the founder of Ocelot Uproar, a company focused on building products loved by users. Ben has worked as a system administrator, tester, and software developer and launched several companies. He still finds the time to publish books and speak at conferences. Ben enjoys looking for the next challenges to solve, usually over an occasional beer. Ben recently launched Katacoda, an online learning environment for developers that helps break down the barriers to learning new technologies such as Docker and containers.

Presentations

Docker offers a lot of advantages, simplifying both development and production environments, but there is still uncertainty around the security of containers. Ben Hall shares his experiences while leading a hands-on demonstration of Docker and container security.

August Huber is an engineer on the Security team at Google. August has worked on a diverse set of assignments across Alphabet; currently, he focuses on endpoint integrity and identity.

Presentations

Hunter King and August Huber explain how to implement machine identity at scale in a heterogeneous environment. Discover the pitfalls of endpoint attestation. Hunter and August made the mistakes so you won't have to.

Ryan Huber does security things at Slack. Before that, Ryan did other security things. When he was 12, he wrote malware in Pascal + inline asm to steal his teacher’s password. His teacher wasn’t impressed.

Presentations

How should an organization approach monitoring networks and hosts to make informed security decisions? Ryan Huber and Nate Brown discuss useful examples of how security and operations teams can become more effective by scaling their visibility into large distributed networks using tools like kernel auditing and large-scale log processing with Elasticsearch and ElastAlert.

Jessy Irwin is a security expert who excels in translating complex cybersecurity issues into simple, relatable terms for nontechnical audiences. Her current areas of interest include making security more accessible for the average person, advocating for strong privacy protections in education for students, building better models for digital security training, and building proactive security communications strategies for consumers, policymakers, small businesses, and Fortune 500 companies. In her work as a consultant, security executive, and former security empress at 1Password, she has taught consumers how to better protect themselves, their data, and their identities online. Jessy regularly writes and presents internationally on human-centric security, student privacy, and security communication at events including O’Reilly Security, RSA Conference, TechSummit Amsterdam, Infosec Southwest, and ShmooCon. Her work has appeared in CSO Online, VICE Broadly, Mashable, BuzzFeed, TechCrunch, and CNN.

Presentations

It happens to every security team: after explaining operational security to management, it feels like nothing stuck. Why do eyes glaze over when we talk about encryption? How can we make sense of defense in depth for others? Jessy Irwin shows you how to find common ground and truly share security with nontechnical users, helping better communicate the mindset behind security.

Jay Jacobs is the senior data scientist at BitSight Technologies. Previously, Jay spent four years as the lead data analyst for the Verizon Data Breach Investigations Report. Jay is the coauthor of Data-Driven Security, which covers data analysis and visualizations for information security, and hosts the Data-Driven Security and R World News podcast. Jay is also a cofounder of the Society of Information Risk Analysts and currently serves on its board of directors. Jay is active in the R community; he coordinates his local R user group for the greater Minneapolis area and contributes to local events and functions supporting data analysis.

Presentations

Join Jay Jacobs, Charles Givre, and Bob Rudis, the authors of Data-Driven Security, for a hands-on, in-depth exploration into the foundations of security data science. You’ll learn how to explore and analyze data you probably already have and gain valuable exposure to and experience with tools and techniques to prepare, analyze, and visualize the knowledge hiding in your data.

Presentations

Google’s Safe Browsing team obtains an outsider’s perspective of their systems by engaging with a spectrum of adversaries and allies. Nav Jagpal shares a combination of fun stories and lessons learned and offers recommendations on how to design systems and develop policies to deal with spectrums of behavior.

Merike Käo is the CTO of Farsight Security, where she is responsible for developing the company’s technical strategy and executing its vision. Merike is a recognized global expert in information security. Previously, Merike was CISO for Internet Identity (IID), where she created the strategic direction for improving and evolving the corporate security posture, and founder of Doubleshot Security, where she worked with numerous companies creating strategic operational security and resilient networking architectures. She led security and IPv6-focused strategies at numerous companies, including Boeing, Comcast, and T-Mobile, and worked for Cisco Systems, Inc., where she instigated and led the company’s first security initiative and focused on technical issues relating to network and application performance, routing protocols, and large-scale network design.

Merike is the author of Designing Network Security (Cisco). She is a member of the IEEE and has been an active contributor in the IETF since 1992. She cochaired the IP Performance Metrics (IPPM) working group from 2000 to 2003 and has actively contributed to numerous IETF working groups with a specific focus on operational sanity. She was named an IPv6 Forum Fellow in 2007 for her continued efforts to raise awareness of IPv6-related security paradigms. Merike holds a BSEE from Rutgers University and an MSEE from the George Washington University.

Presentations

Nothing good or bad can happen on the Internet without involving the Domain Name System (DNS), which provides visibility of the global Internet and unparalleled intelligence on cybercriminals and attack methods. Merike Käo discusses the value of DNS to cyber investigations and explores how real-time DNS observations can improve accuracy and response time to cyberattacks.

Dan Kaminsky is cofounder and chief scientist of White Ops, a cybersecurity firm. Dan is an internationally respected technologist who has spent almost two decades protecting the Internet. He is one of the seven key shareholders able to restore the Internet’s Domain Name System if necessary. An invited expert to the W3C, the guiding organization for the Web, Dan is known for his work in finding a core flaw in the Internet and then leading the charge to repair it.

Presentations

Hacking is a game, and defense both makes the rules and is under no particular obligation to play fair. So cheat. Dan Kaminsky explores better ways to deploy cryptography, protect data, leverage clouds, and more.

Defensive technology that is not practical will not be deployed and will defend nothing at all. Dan Kaminsky discusses how a strong focus on ease of use—for developers, operators, and users—is our only hope for migrating to a more secure Internet.

Ernest Kim is a senior engineer at the MITRE Corporation, where his work has centered mostly around the exploration of frontier technologies and how they can be incorporated into the corporate environment. Ernie has led the team responsible for the corporate strategy on external cloud usage and MITRE’s collaborative development environment and has helped develop and deploy MITRE’s solution on social networking, identity management, and its internal cloud.

Presentations

Ernest Kim shares how the MITRE Corporation, a US federally funded research and development center, integrated security tools into its DevOps chain to get continuous insight into the security posture of the various Linux distributions it uses and rapidly deploy fixes when needed.

Hunter King is an engineer on the Security Operations team at Google. Currently, he focuses on endpoint integrity and identity. Hunter has also been a lead engineer in the BeyondCorp effort for the last five years. He is responsible for hardening client machines against external threats, programmatically detecting machine security posture, and providing internal security consulting. Prior to Google, he was a security researcher at SecureWorks. He enjoys hiking, tinkering, and making lights blink. Hunter holds a bachelor’s degree in computer science from Colgate University.

Presentations

Hunter King and August Huber explain how to implement machine identity at scale in a heterogeneous environment. Discover the pitfalls of endpoint attestation. Hunter and August made the mistakes so you won't have to.

Dor Knafo leads security research at FireGlass, where he is responsible for all malware, web attacks, and reverse engineering research. Prior to FireGlass, Dor spent five years in the IDF Intelligence as a security and research engineer.

Presentations

Your engineering team is using AWS for deploying applications, storing data, hybrid networking, and many other services, but what does it mean for IT security? Dan Amiga and Dor Knafo offer a technical, hands-on overview of how engineering is using AWS and outline the missing security pieces that should be put in place.

Isolation is a new approach to security that is gaining momentum across many industries. Dan Amiga and Dor Knafo cover the important things you need to know about isolation: why now, how isolation can improve productivity, detection versus isolation, technologies, different approaches, caveats, evaluation criteria, live demos, and deployment strategies into the existing IT security environment.

Zane Lackey is the cofounder and CSO at Signal Sciences and serves on the advisory boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund. Prior to Signal Sciences, Zane was the director of security engineering at Etsy and a senior security consultant at iSEC Partners. He has been featured in notable media outlets such as the BBC, Associated Press, Forbes, Wired, CNET, Network World, and SC Magazine. A frequent speaker at top industry conferences, Zane has presented at BlackHat, RSA, USENIX, Velocity, Microsoft BlueHat, SANS, OWASP, and QCon and has given invited lectures at Facebook, Goldman Sachs, New York University, and Reykjavík University. Zane is a contributing author of Mobile Application Security (McGraw-Hill), a coauthor of Hacking Exposed: Web 2.0 (McGraw-Hill), and a contributing author/technical editor of Hacking VoIP (No Starch Press). He holds a bachelor of arts in economics with a minor in computer science from the University of California, Davis.

Presentations

The SDLC has been the model for web application security over the last decade. However, the SDLC was originally designed in a waterfall world and often causes more problems than it solves in the shift to Agile, DevOps, and CI/CD. Zane Lackey shares actionable tips on the most effective application security techniques in today's increasingly rapid environment of application creation and delivery.

Marcelle Lee is an analyst with the federal government, an adjunct professor at Anne Arundel Community College, and cofounder of Fractal Security Group, LLC. Marcelle is involved with several industry organizations, working groups, and boards, including the Women’s Society of Cyberjutsu and the ISSA Women in Security Special Interest Group. Marcelle holds CSX-P, GCFA, GCIA, GCIH, GCCC, C|EH, CCNA, Security+, Network+, and ACE industry certifications as well as several degrees. She is currently pursuing a master’s degree in cybersecurity at UMBC. Marcelle is a cybersecurity competition enthusiast and an active volunteer in outreach to students and the community.

Presentations

You don’t have to be a SOC analyst or an incident response guru to leverage network forensics. Marcelle Lee and Lisa Foreman-Jiggetts explore the wealth of information that can be learned through network traffic analysis.

Noé Lutz is a senior staff software engineer and tech lead on the Safe Browsing team at Google. Noé leads the antiphishing and social engineering efforts within Safe Browsing and is responsible for protecting Google and its users from deceptive web content that might put users’ digital identity or devices at risk. He also leads the Safe Browsing API and clients effort within Safe Browsing, whose mission is to bring Safe Browsing protection to over two billion devices. Noé received an MSc in computer science and information security from ETH Zurich, Switzerland, and is currently pursuing an MBA part time at the Haas School of Business at UC Berkeley.

Presentations

Developers face significant challenges defending their platforms from attackers who try to co-opt platforms to distribute attacks on users. Noé Lutz discusses lessons learned over the past decade by the Google Safe Browsing (GSB) team about how to thwart these increasingly sophisticated threats, focusing on how developers can leverage GSB’s open source APIs to protect their users.
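The Safe Browsing clients mentioned above do not send full URLs to Google; they expand a URL into host-suffix and path-prefix expressions, hash each one, and compare short hash prefixes against a locally cached list, only asking the server for full hashes when a prefix matches. The following is an added example written for this page, not code from the Safe Browsing team or its API client libraries; it implements a simplified version of that documented scheme, and the local prefix list is constructed for the example rather than downloaded from a real threat list.

```python
import hashlib
from urllib.parse import urlsplit, unquote

PREFIX_LEN = 4  # the Update API ships 4-byte SHA-256 prefixes by default


def canonicalize(url: str):
    """Return (host, path-with-query) after a simplified canonicalization."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").strip(".").lower()
    while ".." in host:                      # collapse repeated dots
        host = host.replace("..", ".")
    raw_path = unquote(parts.path) or "/"
    segments = []
    for seg in raw_path.split("/"):          # resolve . and .. and collapse //
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    path = "/" + "/".join(segments)
    if raw_path.endswith("/") and segments:
        path += "/"
    if parts.query:
        path += "?" + parts.query
    return host, path


def _uniq(items):
    out = []
    for item in items:
        if item not in out:
            out.append(item)
    return out


def expressions(url: str):
    """Host-suffix / path-prefix combinations that the lookup hashes."""
    host, path = canonicalize(url)
    hosts = [host]
    labels = host.split(".")
    if not host.replace(".", "").isdigit():  # literal IPs get the exact host only
        # up to four suffixes, starting from the last five labels
        for n in range(min(5, len(labels) - 1), 1, -1):
            suffix = ".".join(labels[-n:])
            if suffix != host:
                hosts.append(suffix)
    base = path.split("?", 1)[0]
    paths = [path, base, "/"]
    segs = [s for s in base.split("/") if s]
    dirs = segs if base.endswith("/") else segs[:-1]   # only directory components
    for i in range(1, min(3, len(dirs)) + 1):
        paths.append("/" + "/".join(dirs[:i]) + "/")
    return [h + p for h in hosts for p in _uniq(paths)]


def prefix(expression: str) -> bytes:
    return hashlib.sha256(expression.encode()).digest()[:PREFIX_LEN]


# Constructed local prefix list standing in for a downloaded threat list.
LOCAL_PREFIXES = {prefix("malware.example.test/")}


def check(url: str, local_prefixes=LOCAL_PREFIXES):
    """Expressions whose prefix is in the local list; empty means 'not listed'.

    A non-empty result is only a candidate: the client must fetch the full
    hashes for those prefixes and compare before it shows a warning."""
    return [e for e in expressions(url) if prefix(e) in local_prefixes]
```

Because a listed expression such as `malware.example.test/` is matched through the host-suffix expansion, every page on that host and on its subdomains produces a prefix hit, while a prefix miss is a definitive negative that never leaves the device.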

Quentin Machu is an engineer on the Quay team at CoreOS and a maintainer of the Clair open source project, which scans containers for vulnerabilities. He is passionate about software engineering and distributed systems. Quentin completed an award-winning OpenStack project as part of his master’s in computer engineering.

Presentations

Clair is an open source container image security analyzer that enables developers to build services that scan containers for security threats and vulnerabilities. Quentin Machu offers an overview of Clair and explores a real-life example to demonstrate how Clair is able to automatically detect known vulnerabilities in Docker and rkt containers before they get exploited.

Jennifer Martin has worked at the intersection of law and cybersecurity for the past 15 years. Her expertise in this area has been uniquely honed through her experience managing cyber risks and responding to threats from a variety of perspectives: as the director of cyber incident response and operations and as lead in-house internal investigations counsel at Symantec; as a managing director of a top cybersecurity and forensics consulting firm; and as a federal and local cybercrime prosecutor and policy maker. As both in-house counsel and a private consultant, Jennifer has managed and advised a number of organizations on cyber-risk mitigation and information management and has personally developed the people, processes, and holistic programs necessary for operational excellence, internal investigations, and crisis management. She has supervised countless cyber incident response matters, including data breaches, insider thefts of trade secrets, and intrusions, from initial detection through containment, notification, recovery, and remediation. She is recognized for her skill in building effective cross-functional teams composed of critical stakeholders: impacted business units and legal, technical, and communications departments. In addition, she has advised executive leadership on programmatic strategies for mitigating cyber risk and on evolving legal, regulatory, and ethical expectations and requirements.

Jennifer’s work as an early federal cybercrime prosecutor, including litigating a high-profile Economic Espionage Act case against foreign software engineers, and as a policy maker within the US Department of Justice’s Computer Crime & Intellectual Property Section, provides her with historical insight into the evolving threat landscape and the consequent law enforcement and regulatory responses. Through her work negotiating the Council of Europe Convention on Cyber Crime, with the European Union, the Organization of American States, the Organization for Economic Co-operation and Development (OECD), and bilaterally with other countries on the multinational aspects of cybercrime and privacy, she has gained significant knowledge about the difficult jurisdictional and cultural issues associated with technological innovation. Jennifer is a frequent lecturer and panelist on cybersecurity regulation and corporate governance, incident response, online fraud and abuse, economic espionage, digital forensics, and electronic discovery in a variety of legal forums, including the San Francisco Bar Association, the American Bar Association, the East-West Institute, the New York State Bar, the New York City Bar, LegalTech, the Practicing Law Institute, and law firm and industry CLE programs.

Presentations

The single most important element of successful cybersecurity incident response is developing a holistic, cross-functional incident response process. Jennifer Martin provides guidance for building trust and educating stakeholders on each other's priorities, roles, and responsibilities to reduce internal confusion and strife during a crisis.

Desi Matel-Anderson is the chief wrangler of the Field Innovation Team (FIT) and CEO of the Global Disaster Innovation Group, LLC. FIT has deployed teams to several disasters, including the Boston Marathon bombings, assisting at the scene with social media analysis; the Moore, Oklahoma, tornadoes, leading coding solutions; Typhoon Haiyan in the Philippines, through the building of cellular connectivity heat maps; and the Oso, Washington, mudslides, with unmanned aerial system flights, which resulted in a 3D print of the topography for incident command. The team also deploys to humanitarian crises, which have included running a robot petting zoo at the US/Mexico border and leading a women’s empowerment recovery movement after the Nepal earthquakes. Recently, her team deployed to Lebanon for the Syrian refugee crisis, supporting artificial intelligence for access to health care, establishing the power grid, and empowering refugees through evacuation routes utilizing 360-degree virtual reality capture video.

Previously, Desi was the first chief innovation advisor at FEMA, where she led the innovation team to areas affected by Hurricane Sandy to provide real-time problem solving in disaster response and recovery and ran think tanks nationwide to cultivate innovation in communities. Desi’s emergency management experience began when she volunteered in Northern Illinois University’s Office of Emergency Planning. She then worked with the Southeast Wisconsin Urban Area Security Initiative and the City of Milwaukee Office of Emergency Management. In addition to her regional emergency management duties, she worked as a nationwide assessor of the Emergency Management Accreditation Program. Desi lectures on innovation at Harvard, Yale, UC Berkeley, and several other universities across the country and serves as consultant on innovative practices and infrastructure for agencies and governments, nationally and internationally. Desi attended the National Preparedness Leadership Institute at Harvard’s Kennedy School of Government and School of Public Health and served on the advisory board of Harvard’s National Preparedness Leadership Institute in 2013. She holds a JD from Northern Illinois University.

Presentations

You’ve been hacked...or are you doing the hacking? Join Desiree Matel-Anderson to solve a simulated hack in real time and put yourself in the shoes of a white hat defending essential data or a black hat fortifying your access to private data.

Allison Miller works in product management at Google, mitigating risks to Google and end users. Previously, Allison held technical and leadership roles in security, risk analytics, and payments/commerce at Electronic Arts, Tagged.com, PayPal/eBay, and Visa International. Allison is a proven innovator in the security industry and regularly presents research on risk analytics, cybersecurity, and economics. She is known for her expertise in designing and implementing real-time risk prevention and detection systems running at internet scale.

Presentations

Program chairs Courtney Nash and Allison Miller welcome you to the first day of keynotes.

Marie Moe cares about public safety and securing systems that may impact human lives. Marie is a research scientist at SINTEF, the largest independent research organization in Scandinavia, and is an associate professor at the Norwegian University of Science and Technology, where she teaches a class on incident response and contingency planning. She has experience as a team leader at the Norwegian Cyber Security Centre NorCERT, where she did incident handling of cyberattacks against Norway’s critical infrastructure. Marie is a member of the grassroots organization “I Am The Cavalry" and is currently doing research on the security of her own personal critical infrastructure, an implanted pacemaker that generates every single beat of her heart. She holds a PhD in information security. Marie loves to break crypto protocols but gets angry when the weak crypto is in her own body.

Presentations

Stein Inge Morisbak is manager and head of Bekk Consulting’s commitment to continuous delivery, DevOps, and the cloud. Stein Inge is a true Agile evangelist with 20 years of experience both contributing to and helping others become better at producing excellent software together with demanding customers. He is also an experienced speaker at conferences and the founder of DevOps Norway Meetup.

Presentations

In a world of continuous everything, each discipline has to find ways to provide value fast and reliably—whether it's business people adapting to an ever-changing world, developers delivering software many times per day, or operations providing high-availability infrastructure in an instant. Stein Inge Morisbak and Erlend Oftedal explore how to integrate security into this work stream.

Katie Moussouris is the founder and CEO of Luta Security, which specializes in helping businesses and governments work with hackers to better defend themselves from digital attacks. Katie is a noted authority on vulnerability disclosure and bug bounties and advises companies, lawmakers, and governments on the benefits of hacking and security research to help make the internet safer for everyone. Katie helped the US Department of Defense start the government’s first bug bounty program, Hack the Pentagon. Previously, at Microsoft, she worked on industry-leading initiatives such as Microsoft’s bug bounty programs and Microsoft vulnerability research. She is also a subject-matter expert for the US National Body of the International Standards Organization (ISO) in vuln disclosure (29147), vuln handling processes (30111), and secure development (27034). Katie is a visiting scholar with MIT’s Sloan School, doing research on the vulnerability economy and exploit market, a New America Foundation fellow, and a Harvard Belfer affiliate. Katie has served on the CFP review board for RSA, O’Reilly Security Conference, and Shakacon, and she is an advisor to the Center for Democracy and Technology. Katie is a frequent public speaker and has given keynotes and talks at many international conferences, including Hack in the Box Amsterdam 2014, Security Analyst Summit 2014, Nordic Security Con 2013, and BruCON 2012, to name just a few.

Presentations

Courtney Nash chairs multiple conferences for O’Reilly Media and is the strategic content director focused on areas of modern web operations, high-performance applications, and security. An erstwhile academic neuroscientist, she is still fascinated by the brain and how it informs our interactions with and expectations of technology. She’s spent 17 years working in the technology industry in a wide variety of roles, ever since moving to Seattle to work at a burgeoning online bookstore. Outside work, Courtney can be found biking, hiking, skiing, and photographing the Cascade Mountains near her home in Bellingham, Washington.

Presentations

Program chairs Courtney Nash and Allison Miller welcome you to the first day of keynotes.

Jelle Niemantsverdriet is a director at Deloitte specializing in cyber incident response. Jelle has extensive experience in leading large international IR and forensics projects across various industries worldwide. While working at Verizon, he was one of the coauthors of the annual Data Breach Investigations Report. Jelle draws on his experience in dealing with incidents to help companies effectively build their security organizations. He passionately looks for analogies with other disciplines and tries to convey the view that security should truly enable the objectives of the business. Jelle is a regular conference speaker and aims for lively and nonstandard presentation content and style.

Presentations

Why do certain devices, programs, or companies lead to utter frustration while others consistently delight us? What can we learn from these insights when dealing with human behavior related to security? Jelle Niemantsverdriet explores user-centered design methods in other disciplines like economy, psychology and marketing that can help us build security in a truly usable way.

Described by coworkers as “not the lawyer we need, but the lawyer we deserve,” Brendan O’Connor is a security researcher, practitioner, and consultant based in Seattle, WA. While he is a lawyer, he is not your lawyer. Brendan is admitted to the Montana bar and serves as vice chair of the ABA’s Information Security Committee. He was awarded two DARPA Cyber Fast Track contracts for his security research, which focuses primarily on enabling access to security and privacy through development of disposable computing and sensing tools. He has taught at an information warfare school, played the violin, transmitted on amateur radio (K3QB), and tried to convince his cat not to eat him when he dies.

Presentations

Security people are "only members of the public who are paid to give full-time attention to duties which are incumbent on every citizen in the intent of the community welfare," but often the relationship between security and everyone else is fraught. Brendan O'Connor explores how another group charged with protecting everyone handled this problem with humor, kindness, and a commitment to service.

Erlend Oftedal is an experienced security consultant and developer currently working as CTO at Blank Oslo. He has worked as a developer and secure coder for over 10 years. He is an experienced speaker and the OWASP Norway chapter lead.

Presentations

In a world of continuous everything, each discipline has to find ways to provide value fast and reliably—whether it's business people adapting to an ever-changing world, developers delivering software many times per day, or operations providing high-availability infrastructure in an instant. Stein Inge Morisbak and Erlend Oftedal explore how to integrate security into this work stream.

Pat Parseghian joined Google in 2007, where she was reunited with former colleagues from Bell Labs, Princeton University, Transmeta, and Sun Microsystems. Pat currently works with the team responsible for the OnHub router, focusing on provenance. She enjoys riding a bicycle up and especially down hills.

Presentations

Do you know what’s connected to your network? While 802.1X is commonly used to authenticate connections to wireless networks, successfully applying the same technology to your wired infrastructure is far from straightforward. Pat Parseghian shares the story of what a small, determined team did to make wired 802.1X a reality on Google’s enterprise network.

Alex Pinto is the chief data scientist of Niddel and the lead for the MLSec Project. Alex is currently dedicating his waking hours to the development of machine learning algorithms and data science techniques to automate threat hunting (I know) and making threat intelligence “actionable” (I know, I know). If you care about certifications at all, Alex is currently a CISSP-ISSAP, CISA, CISM, and PMP. He was also a PCI-QSA for almost seven years but is a mostly ok person in spite of that.

Presentations

Alex Pinto demonstrates how to apply descriptive statistics, graph theory, and nonlinear scoring techniques on the relationships of known network IOCs to log data and how to use those techniques to empower IR teams to encode analyst intuition into repeatable data techniques that can be used to simplify the triage stage and get actionable information with minimal human interaction.
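One concrete way to read that abstract: treat proxy or DNS logs as a bipartite graph of internal hosts and external destinations, score each host by the IOCs it touched (discounting indicators that every host contacts, since those tend to be shared CDNs or sinkholes), squash the sum with a nonlinear function so a single noisy hit cannot saturate the score, and then pivot from the flagged hosts to destinations that only they contacted. The block below is an added example written for this page, not Alex Pinto's or the MLSec Project's code; the log lines, the IOC list with its confidence values, and the scoring constants are all constructed for illustration.

```python
import math
import re
from collections import defaultdict

LOG_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)")


def build_graph(lines):
    """Bipartite graph: internal host -> external destination -> hit count."""
    edges = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            edges[m["src"]][m["dst"]] += 1
    return edges


def degree(edges):
    """How many distinct internal hosts talked to each destination."""
    deg = defaultdict(int)
    for dsts in edges.values():
        for dst in dsts:
            deg[dst] += 1
    return deg


def rarity(deg, dst, n_hosts):
    """1.0 when only one host contacted dst, 0.0 when every host did."""
    return 1.0 - (deg[dst] - 1) / max(n_hosts - 1, 1)


def score_hosts(edges, iocs):
    """Squash the weighted sum of IOC hits into [0, 1) with 1 - exp(-x)."""
    deg = degree(edges)
    n_hosts = len(edges)
    scores = {}
    for src, dsts in edges.items():
        raw = 0.0
        for dst, hits in dsts.items():
            confidence = iocs.get(dst)
            if confidence is None:
                continue
            # a popular IOC (shared CDN, sinkhole) is discounted, never ignored
            weight = 0.5 + 0.5 * rarity(deg, dst, n_hosts)
            raw += confidence * weight * math.log1p(hits)
        scores[src] = round(1.0 - math.exp(-raw), 3)
    return scores


def pivot_candidates(edges, scores, iocs, threshold=0.3):
    """Unknown destinations contacted (almost) only by already-flagged hosts."""
    deg = degree(edges)
    n_hosts = len(edges)
    flagged = {h for h, s in scores.items() if s >= threshold}
    contacts = defaultdict(set)
    for src, dsts in edges.items():
        for dst in dsts:
            contacts[dst].add(src)
    ranked = []
    for dst, hosts in contacts.items():
        if dst in iocs:
            continue
        guilt = len(hosts & flagged) / len(hosts) * rarity(deg, dst, n_hosts)
        if guilt > 0:
            ranked.append((dst, round(guilt, 3)))
    return sorted(ranked, key=lambda x: -x[1])


# Constructed IOC feed (destination -> analyst confidence) and proxy log.
IOCS = {"evil-cdn.example.test": 0.9, "drop.example.test": 0.7}


def _lines(src, dst, n):
    return [f"2016-11-01T10:00:{i:02d}Z proxy src={src} dst={dst} bytes=512" for i in range(n)]


SAMPLE_LOG = (
    _lines("10.0.0.5", "evil-cdn.example.test", 3) + _lines("10.0.0.5", "drop.example.test", 1)
    + _lines("10.0.0.5", "cdn.example.test", 5) + _lines("10.0.0.5", "stage.example.test", 2)
    + _lines("10.0.0.6", "evil-cdn.example.test", 1) + _lines("10.0.0.6", "cdn.example.test", 8)
    + _lines("10.0.0.6", "stage.example.test", 1)
    + _lines("10.0.0.7", "cdn.example.test", 6) + _lines("10.0.0.7", "news.example.test", 2)
    + _lines("10.0.0.8", "cdn.example.test", 4) + _lines("10.0.0.8", "news.example.test", 1)
)


def triage(lines=SAMPLE_LOG, iocs=IOCS):
    """Return (host scores, pivot candidates) for an analyst to look at first."""
    edges = build_graph(lines)
    scores = score_hosts(edges, iocs)
    return scores, pivot_candidates(edges, scores, iocs)
```

On the constructed data, the host with two distinct IOC contacts scores well above the host with a single hit, the hosts that only touched the shared CDN score zero, and `stage.example.test` surfaces as a pivot candidate because it was contacted exclusively by the two flagged hosts; that last step is the "analyst intuition" the abstract refers to, encoded so it runs the same way on every batch of logs.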

Is “information technology polymath” a thing? If so, James Plouffe fits the bill. With over 15 years’ experience, James has provided IT and InfoSec services and insight for customers ranging from mid-size enterprises to the Global 10. As a member of the MobileIron Product and Ecosystem team, he is responsible for driving integrations with new technology partners, enhancing existing integrations, and helping customers use those integrations to be successful in making modern endpoints a seamless part of their IT and InfoSec strategies. Prior to joining MobileIron, James spent nearly a decade as the network architect for Toyota Motor Engineering and Manufacturing, North America, where he was responsible for designing and building the LAN, WAN, and perimeter security infrastructure for facilities throughout the United States, Canada, and Mexico. He is also a technical consultant for the award-winning “hacker” drama Mr. Robot on USA Network.

Presentations

We keep our whole lives on our mobile devices. If we use our personal devices for work, we have still more sensitive information in the form of company data. Many employees are concerned about what personal information is visible to their employers. James Plouffe explores whether it's possible to secure corporate data and respect privacy.

Guy Podjarny is a cofounder and CEO at Snyk.io, where he focuses on securing open source code. He was previously CTO at Akamai and founder of Blaze.io. He also worked on the first web app firewall and security code analyzer. Guy is a frequent conference speaker, the author of Responsive & Fast, High Performance Images, and the upcoming Securing Third Party Code, and the creator of Mobitest. He also writes on Guypo.com and Medium.

Presentations

From Heartbleed to ImageTragick, vulnerabilities in open source are repeatedly shaking the Web. But who is responsible for fixing these issues? OSS is a community feat, and so must securing it be. Guy Podjarny discusses the roles for authors, consumers, and tools in keeping open source secure.

Kyle Rankin is the vice president of engineering operations for Final Inc. and the author of a number of books, including DevOps Troubleshooting, The Official Ubuntu Server Book, Knoppix Hacks, and an upcoming book on server hardening. Kyle is an award-winning columnist for Linux Journal and has written for PC Magazine, TechTarget, and other publications. He speaks frequently on security and open source software at conferences such as OSCON, SCALE, CactusCon, Linux World Expo, and Penguicon and a number of Linux user groups.

Presentations

Capture the Flag tournaments have long been used to test hacker skills, but they can also serve as effective security training for developers. Kyle Rankin shares a case study where he turned teams of developers with no prior security training against each other in a CTF arena featuring their own applications and watched them rack up points as they popped shells in each other's applications.

Anna Ruecker is a privacy professional with a strong background in US, European, and international business law. Anna is licensed as a lawyer in California and Germany and certified with the IAPP (CIPP/US). Anna currently manages cross-functional privacy reviews for consumer-facing products and features at Facebook. Prior to her role as privacy program manager, she worked with the privacy team of US-based consulting firm Sunera LLC. Anna is also cofounder of WISP, a Bay Area-based network of women in security and privacy. WISP advances women’s careers in these industries through knowledge exchange, networking opportunities, and a peer-to-peer mentorship program.

Presentations

Katrin Anna Ruecker explains how Facebook's privacy managers work with product teams to build products with privacy in mind. Join Anna to learn about the privacy review process and how Facebook designs privacy controls and user education.

Chiara Rustici is a London- and Rome-based independent consultant and analyst who helps teams implement the new EU privacy framework (GDPR) requirements and helps IT leaders escalate the privacy conversation to the boardroom, both in Europe and in the rest of the world. Chiara’s contributions to this topic have been published on GitHub and Advisen Ltd. and in ComputerWeekly, Help Net Security, PrivacySense, and IQPC/IICE magazine. Previously, Chiara taught international law and jurisprudence, published research on legal reasoning, and, more recently, managed the P&L of several businesses in the city.

Presentations

Security teams fought hard to get board attention and budget. Often they own the privacy/GDPR brief too, allocated to them as an afterthought. Chiara Rustici explains why it is impossible for GDPR implementation to go ahead unless the board has given a clear data business model and helps escalate the personal data cost/benefit equation to the C-suite.

Ido Safruti is the cofounder and CTO at PerimeterX, which is building a behavior-based web security service. Previously, Ido headed a product group in Akamai focusing on web performance and scalability. Ido joined Akamai through the acquisition of Cotendo, where he led product and strategy. His earlier roles include GM in charge of product engineering and operation, R&D manager, chief scientist, and head of engineering at various companies and the Israeli intelligence, where he focused on high-capacity, large-scale web and network services and cybersecurity systems.

Presentations

Delegating authentication to social login providers can improve security. However, it often makes site owners complacent, so they skip security measures they still need to maintain. Ido Safruti and Tomer Cohen explain how attackers have found ways to exploit this and bypass the auth providers’ defenses, attacking some of the world’s largest services, and demonstrate how to protect yourself from such attacks.

Bots are a reality, and it’s hard to separate your users and good bots (e.g., search) from the bad ones (brute force, fraud, scrapers, etc.). Ido Safruti and Ariel Sirota review how bots work, explain how to operate a few common bots, and, most importantly, show what you can do to detect and block malicious activity while enabling your users and good bots to work uninterrupted.

Emily Schechter is product manager for Chrome Security at Google, working on Chrome Security UX and HTTPS adoption on the Web. Previously, Emily worked on the Google Safe Browsing and Anti-Malvertising teams to keep Google and web users safe from online threats. Emily has degrees in computer engineering and economics from Dartmouth College.

Presentations

HTTPS is no longer only for sensitive sites; it’s a critical piece of the web user experience and necessary for the long-term health of the Web. Google is methodically hunting and tackling major hurdles for TLS adoption to guide the Web toward HTTPS everywhere. Emily Schechter shares lessons learned on the road to ubiquitous HTTPS, focusing on the benefits of HTTPS.

Masha Sedova is the senior director of Trust Engagement at Salesforce, where her team drives a secure mindset among all employees using user security behavior testing and data analytics paired with elements of gamification and positive psychology. The scope of Masha’s work runs the gamut from general awareness of phishing and reporting activity to secure engineering practices by developers and engineers. She and her team have built security simulations, company-wide competitions, and custom lab environments to drive effective learning of vital security behaviors. Her efforts have culminated in a security program that is altering the way Salesforce’s employees, customers, partners, and large corporations approach security. Previously, Masha was the principal founder of Dymera Strategies Consulting, where she conducted social engineering and security awareness training for international companies and government agencies based on tools, techniques, and methods of prominent cyberwarfare actors. Masha has also worked for Northrop Grumman and BAE Systems as a cyberthreat researcher.

Presentations

Masha Sedova shares the steps she’s taken to increase the reporting of suspicious activity by her employees and explores the measurable impact it has had in helping keep Salesforce’s employees and customers secure.

Ariel Sirota is vice president of engineering at PerimeterX. Ariel has over 19 years of experience in building network security products and managing large product development and engineering teams. Previously, Ariel headed the engineering organization, including a team of over 80 developers, at Check Point Software Technologies, focusing on endpoint security and security management products, was R&D manager and head of engineering at BMC Software, and held leadership positions at New Dimension Software prior to its acquisition by BMC.

Presentations

Bots are a reality, and it’s hard to separate your users and good bots (e.g., search) from the bad ones (brute force, fraud, scrapers, etc.). Ido Safruti and Ariel Sirota review how bots work, explain how to operate a few common bots, and, most importantly, show what you can do to detect and block malicious activity while enabling your users and good bots to work uninterrupted.
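The separation both bot abstracts (Ido Safruti's and Ariel Sirota's) describe starts from behaviour rather than from the User-Agent string: a good crawler can be verified by reverse DNS followed by a forward lookup that confirms the IP, a credential-stuffing bot shows up as a run of failed POSTs to the login endpoint, and a scraper fetches pages at machine speed without ever loading the assets a browser would. The block below is an added example for this page, not PerimeterX code; it classifies clients from constructed access-log lines, and the DNS answers are stubbed in a dictionary because a real deployment would call `socket.gethostbyaddr` and `socket.gethostbyname` instead.

```python
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)"'
)
ASSET_EXT = (".css", ".js", ".png", ".jpg", ".ico", ".woff")

# Constructed stand-ins for reverse and forward DNS; real code would call
# socket.gethostbyaddr(ip) and socket.gethostbyname(host).
FAKE_REVERSE = {
    "198.51.100.7": "crawl-198-51-100-7.googlebot.com",
    "203.0.113.9": "badhost.example.test",
}
FAKE_FORWARD = {"crawl-198-51-100-7.googlebot.com": "198.51.100.7"}


def verified_googlebot(ip: str) -> bool:
    """Reverse DNS must land in Google's crawler domain AND resolve back to ip."""
    host = FAKE_REVERSE.get(ip, "")
    if not (host.endswith(".googlebot.com") or host.endswith(".google.com")):
        return False
    return FAKE_FORWARD.get(host) == ip


def parse(lines):
    """Group parsed requests by (ip, user-agent)."""
    sessions = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        r = m.groupdict()
        r["ts"] = datetime.strptime(r["ts"], "%d/%b/%Y:%H:%M:%S %z")
        r["status"] = int(r["status"])
        sessions[(r["ip"], r["ua"])].append(r)
    return sessions


def classify(ip: str, ua: str, reqs) -> str:
    reqs = sorted(reqs, key=lambda r: r["ts"])
    span = (reqs[-1]["ts"] - reqs[0]["ts"]).total_seconds()
    rate = len(reqs) / max(span, 1.0)  # requests per second
    login_failures = sum(1 for r in reqs if r["method"] == "POST"
                         and r["path"].startswith("/login") and r["status"] in (401, 403))
    asset_hits = sum(1 for r in reqs if r["path"].lower().endswith(ASSET_EXT))
    if "googlebot" in ua.lower():           # claimed identity: verify, never trust
        return "good-bot" if verified_googlebot(ip) else "fake-bot"
    if login_failures >= 5:
        return "login-bruteforce"
    if len(reqs) >= 10 and asset_hits == 0 and rate >= 0.5:
        return "scraper"
    return "user"


def classify_log(lines) -> dict:
    return {key: classify(key[0], key[1], reqs) for key, reqs in parse(lines).items()}


# Constructed log in combined format: one verified crawler, one impostor,
# one password-guessing client, one scraper, and one ordinary browser.
def _line(ip, second, method, path, status, ua):
    return f'{ip} - - [10/Oct/2016:13:55:{second:02d} +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'


BROWSER = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36"
GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_LOG = (
    [_line("198.51.100.7", s, "GET", p, 200, GOOGLEBOT) for s, p in ((1, "/"), (7, "/about"), (15, "/product/1"))]
    + [_line("203.0.113.9", s, "GET", p, 200, GOOGLEBOT) for s, p in ((2, "/"), (3, "/product/2"))]
    + [_line("203.0.113.5", 10 + i, "POST", "/login", 401, BROWSER) for i in range(6)]
    + [_line("192.0.2.8", 20 + i, "GET", f"/product/{i}", 200, BROWSER) for i in range(20)]
    + [_line("192.0.2.3", s, "GET", p, 200, BROWSER)
       for s, p in ((30, "/"), (31, "/static/app.js"), (31, "/static/style.css"), (40, "/product/1"))]
)
```

The thresholds (five login failures, ten page fetches at half a request per second with no assets) are illustrative and would be tuned per site; the structural points are that the crawler check is a two-way DNS verification rather than a string match, and that the verdict is keyed on behaviour so a bot that rotates User-Agents still lands in the same bucket.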

Brian Sletten is the president of Bosatsu Consulting, where he focuses on web architecture, resource-oriented computing, social networking, the semantic web, data science, 3D graphics, visualization, scalable systems, security consulting, and other technologies of the late 20th and early 21st centuries. A liberal arts-educated software engineer with a focus on forward-leaning technologies, Brian has worked in many industries, including retail, banking, online games, defense, finance, hospitality, and healthcare. He holds a BS in computer science from the College of William and Mary. Brian is a rabid reader and devoted foodie with excellent taste in music. If pressed, he might tell you about his international pop recording career.

Presentations

Brian Sletten introduces Google Macaroons, a fine-grained, decentralized authorization mechanism that is web friendly and suitable for cloud and microservices.
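The property that makes macaroons decentralized is the HMAC chain: the issuing service signs an identifier with a root key, and anyone holding the token can append a caveat by HMAC-ing the current signature with the caveat text, which narrows what the token authorizes but can never be undone, because removing or altering a caveat breaks the chain the service recomputes from its root key. The block below is an added example written for this page, not Brian Sletten's talk material or the libmacaroons implementation; it keeps the essential construction (first-party caveats only, no third-party discharge macaroons), uses JSON rather than the library's binary encoding, and the root key, location, identifier and account values are constructed.

```python
import hashlib
import hmac
import json


def _mac(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


class Macaroon:
    """location and identifier are public; the signature is an HMAC chain."""

    def __init__(self, location, identifier, signature, caveats):
        self.location, self.identifier = location, identifier
        self.signature, self.caveats = signature, list(caveats)

    @classmethod
    def mint(cls, root_key: bytes, location: str, identifier: str):
        # Only the target service knows root_key; identifier tells it which key.
        return cls(location, identifier, _mac(root_key, identifier.encode()), [])

    def add_first_party_caveat(self, predicate: str):
        # Attenuation needs no secret: new_sig = HMAC(old_sig, caveat). A holder
        # can narrow authority this way but cannot strip a caveat back off.
        return Macaroon(self.location, self.identifier,
                        _mac(self.signature, predicate.encode()), self.caveats + [predicate])

    def serialize(self) -> str:
        return json.dumps({"location": self.location, "identifier": self.identifier,
                           "caveats": self.caveats, "signature": self.signature.hex()})

    @classmethod
    def deserialize(cls, data: str):
        d = json.loads(data)
        return cls(d["location"], d["identifier"], bytes.fromhex(d["signature"]), d["caveats"])


class Verifier:
    """Holds the facts the service knows about the current request."""

    def __init__(self):
        self.exact = set()
        self.general = []

    def satisfy_exact(self, predicate: str):
        self.exact.add(predicate)

    def satisfy_general(self, check):
        self.general.append(check)

    def _satisfied(self, caveat: str) -> bool:
        return caveat in self.exact or any(check(caveat) for check in self.general)

    def verify(self, m: Macaroon, root_key: bytes) -> bool:
        # Recompute the chain from the root key; every caveat must both be in
        # the chain and hold for this request. Constant-time final compare.
        signature = _mac(root_key, m.identifier.encode())
        for caveat in m.caveats:
            if not self._satisfied(caveat):
                return False
            signature = _mac(signature, caveat.encode())
        return hmac.compare_digest(signature, m.signature)


def time_before(caveat: str, now_iso: str) -> bool:
    """General caveat 'time < <ISO-8601 UTC>' holds while now is earlier."""
    return caveat.startswith("time < ") and now_iso < caveat[len("time < "):]


# Constructed demo values; a real service would load the root key from a KMS.
ROOT_KEY = b"service-root-key-keep-this-secret!"
LOCATION = "https://api.example.test"
IDENTIFIER = "key-2016-11"


def issue_token(account: str, expiry_iso: str) -> str:
    """Service mints a broad macaroon and hands out an attenuated one."""
    m = Macaroon.mint(ROOT_KEY, LOCATION, IDENTIFIER)
    m = m.add_first_party_caveat(f"account = {account}")
    m = m.add_first_party_caveat(f"time < {expiry_iso}")
    return m.serialize()


def authorize(token: str, account: str, now_iso: str) -> bool:
    """Service side: does the presented token authorize this account now?"""
    v = Verifier()
    v.satisfy_exact(f"account = {account}")
    v.satisfy_general(lambda c: time_before(c, now_iso))
    return v.verify(Macaroon.deserialize(token), ROOT_KEY)
```

A client that receives the token can add `method = GET` before forwarding it to a less trusted microservice and the result still verifies; a client that drops the expiry caveat or edits the account caveat produces a token whose signature no longer matches the recomputed chain, and the service rejects it without ever having to consult the issuer.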

Phil Stanhope is vice president of technology at Dyn. Phil’s focus varies across engineering, infrastructure, architecture, analytics, operations, and emerging technology strategy and planning. Phil is a known thought leader in the industry, having served on numerous advisory boards and technology adoption programs over the past 25 years.

Presentations

Dyn was recently the subject of a major DDoS attack, its first significant disruption in over 15 years of operation. Phil Stanhope shares Dyn's experience before exploring the rapid evolution of multilayer attacks happening on the Internet and outlining the steps to take to deal with them from an ops perspective.

Nick Sullivan is a leading cryptography and security technologist. He currently works on cryptographic products and strategy for CloudFlare. Previously, Nick held the prestigious title mathemagician at Apple, where he encrypted books, songs, movies, and other varieties of mass media.

Presentations

Bootstrapping the identity of services deployed with Docker containers is hard. Nick Sullivan offers an overview of PAL, an open source tool that CloudFlare built to help solve this problem, and explains how PAL can be used to bolster the security of your Docker container deployments.

Mira Thambireddy is an information security engineer at LinkedIn, where she is a part of LinkedIn’s Application Security and Penetration Testing team. Previously, Mira worked as a security consultant in Silicon Valley. She holds a master’s degree in information security from Carnegie Mellon University.

Presentations

As traffic to websites and web applications increases, infrastructure must be put in place to handle scaling—but with that comes an increased risk for security breaches. James Baker and Mira Thambireddy dive into specific client-side vulnerabilities, discussing design patterns that scale an application securely and which frameworks currently in the market already employ these practices.

Steve Touw is the cofounder and CTO of Immuta. Steve has a long history of designing large-scale geotemporal analytics across the US intelligence community, including some of the very first Hadoop analytics as well as frameworks to manage complex multitenant data policy controls. He and his cofounders at Immuta drew on this real-world experience to build a software product to make data experimentation easier. Previously, Steve was the CTO of 42Six Solutions (acquired by Computer Sciences Corporation), where he led a large big data services engineering team. Steve holds a BS in geography from the University of Maryland.

Presentations

The global populace is asking for the IT industry to be held responsible for safeguarding individual data. If the cat is out of the bag and collection will not stop, then the next logical question is how we protect the privacy of individuals. Steven Touw examines how to design your data and analytics architecture to keep your data science teams delivering results legally.

Mandi Walls is technical practice manager for EMEA at Chef. Mandi travels the world helping organizations increase their effectiveness using configuration management and modernizing IT practices. Previously, she ran large web properties for AOL, including AOL.com, Games.com, and Moviefone. She is a regular speaker at technical conferences and is the author of Building a DevOps Culture, published by O’Reilly. Mandi holds a master’s degree in computer science from GWU and an MBA from UNC Kenan-Flagler.

Presentations

InSpec is an open source runtime framework and rule language used to specify compliance, security, and policy requirements for testing any node in your infrastructure. Mandi Walls offers an introduction to the InSpec language and workflow, which takes the tediousness out of tracking security and compliance requirements for audits.

Shannon Yavorsky is a US and UK qualified technology and intellectual property transactions partner in the San Francisco office of Kirkland & Ellis LLP. Shannon focuses her practice on a wide variety of transactions involving intellectual property and information technology, such as licensing, joint ventures, IT services, manufacturing, distribution and supply agreements, mergers and acquisitions, private equity investments, and secured lending and restructuring. She has extensive experience in European data protection, US data privacy, and cybersecurity issues and frequently writes and speaks about emerging data privacy and security issues.

Presentations

The failure of a target company to comply with applicable privacy and data security legislation, regulations, and standards can present a significant risk to the acquiring company. Shannon Yavorsky explains why understanding a target’s data privacy and data security profile has become a critical consideration in M&A transactions.